Information Security Specialist - 3rd Party Vendor Risk Management

Job Title: Information Security Vendor (3rd Party) Risk Management Subject Matter Expert (SME)

Location: Remote

Position Type: Full-Time/ Part Time

About Us:
Our client, a prominent player in the global shipping industry, has a steadfast commitment to cybersecurity excellence. They understand the vital role third-party vendors play in their operations and the significance of effectively managing associated security risks.

In line with their dedication to safeguarding digital assets and ensuring business continuity, our client is seeking an experienced Information Security Vendor (3rd Party) Risk Management SME. This role underscores their commitment to fortify security measures and resilience in partnership with third-party collaborators.

Key Responsibilities:

As an Information Security Vendor (3rd Party) Risk Management SME, you will:

1. Risk Assessment and Prioritization: Utilize a variety of 3rd party risk management frameworks and best practices to prioritize, assess, and mitigate security risks associated with our extensive network of third-party vendors (approximately 50,000 globally). Recommend pragmatic and efficient methods to manage these risks effectively.
2. Vendor Risk Expertise: Leverage your extensive experience and focus on third-party (vendor) risk management to ensure that our organization remains resilient and secure in a complex global environment.
3. Innovative Risk Assessment: Identify innovative and modern techniques for efficiently assessing and segmenting 3rd party security risks, enabling us to make informed decisions and allocate resources effectively.
4. Industry Insights: Bring your 3rd party risk management experience and insights from similar mid-sized, multi-country organizations to enhance our risk management strategies.
5. Process and Policy Enhancement: Collaborate with stakeholders to define and recommend new processes and policies that streamline and optimize third-party security risk management practices. Emphasize simplicity, efficiency, and intuitiveness in all processes.
6. Risk Reporting: Design and structure suitable risk management information (MI) and risk dashboards that provide intuitive, efficient, and easy-to-adopt insights into third-party security risks.
7. Documentation and Communication: Maintain thorough documentation of 3rd party security risk assessments, findings, and recommendations. Present these findings in clear, actionable reports to drive informed decisions and remediation efforts.
8. Tool Development: Place a strong emphasis on defining simple, efficient, and intuitive risk management tools that align with our commitment to excellence in cybersecurity.

Requirements

Qualifications:

To excel in this role, you should possess the following qualifications and attributes:

• Strong foundation in cybersecurity principles, technologies, and tools.
• Familiarity with industry-standard security frameworks, such as NIST, ISO 27001, and CIS Critical Security Controls.
• Up-to-date knowledge of the latest cybersecurity threats and trends.
• Experience in the global shipping industry is preferable but not essential.
• Proven expertise with a demonstrated career focus on 3rd party (vendor) risk management.
• Extensive experience with 3rd party risk management frameworks and best practices.
• Innovative mindset to efficiently assess and segment 3rd party security risks in large organizations.
• Previous experience in similar roles within mid-sized, multi-country organizations.
• Track record of defining and recommending new processes and policies for efficient 3rd party security risk management.
• Proficiency in designing intuitive risk management information (MI) and risk dashboards.
• Strong documentation and communication skills, with an ability to present complex information clearly and concisely.